What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI
Course Of The Month
2 days, 18 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Why does loopback mode trump GPPE drive maps but not GPO user logon script?
Posted on 2013-06-17
I recently migrated my users to a new GPO structure, taking advantage of numerous Group Policy Preferences. I’ve stumbled on to an issue where users’ drive mappings are not being made when they log into a conference room computer.
These conference room computers have loopback enabled (“Replace”) so I can lock several, albeit minor, settings down. The drive mappings are done via User GPPE > Windows Settings > Drive Maps. In the old days, I did it with a GPO user logon script (which worked). The GPPE drive maps do not work.
If I change the loopback mode to “merge”, it will work, but then I lose my ability to lock stuff down.
Anyone have an explanation or advice how to get around this?
These conference room computers have loopback enabled (“Replace”) so I can lock several, albeit minor, settings down. The drive mappings are done via User GPPE > Windows Settings > Drive Maps. In the old days, I did it with a GPO user logon script (which worked). The GPPE drive maps do not work.
If I change the loopback mode to “merge”, it will work, but then I lose my ability to lock stuff down.
Anyone have an explanation or advice how to get around this?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
1 Comment
Active 1 day ago
To start with: you don't lose the ability to "lock stuff down" with Loopback processing in Merge mode.
All that Loopback mode does is tell the OS to apply user configuration GPOs based on the OU where the computer account is.
In "Merge" mode, the user configuration GPOs will be applied based on the user object's location in AD first, then the user configuration GPOs based on the computer object's location in AD (so that with concurrent policies, the one applied via Loopback will always win).
In "Replace" mode, any user configuration GPO based on the user object's location in AD will be skipped altogether, and only the ones linked to the computer object's location will be applied.
So you can either use "Merge" mode, making use of the Loopback's higher priority to lock down whatever was allowed in the default GPOs, or you can use "Replace" mode to log the users on with a clean slate, put all the drive mapping GPPs into their own dedicated GPO, and link the drive mapping GPO not only to the user OU, but to the conference room OU as well (or duplicate the GPPs, but if you need the same drive mappings, then that's not really the best solution).
Loopback processing of Group Policy
http://support.microsoft.com/kb/231287
All that Loopback mode does is tell the OS to apply user configuration GPOs based on the OU where the computer account is.
In "Merge" mode, the user configuration GPOs will be applied based on the user object's location in AD first, then the user configuration GPOs based on the computer object's location in AD (so that with concurrent policies, the one applied via Loopback will always win).
In "Replace" mode, any user configuration GPO based on the user object's location in AD will be skipped altogether, and only the ones linked to the computer object's location will be applied.
So you can either use "Merge" mode, making use of the Loopback's higher priority to lock down whatever was allowed in the default GPOs, or you can use "Replace" mode to log the users on with a clean slate, put all the drive mapping GPPs into their own dedicated GPO, and link the drive mapping GPO not only to the user OU, but to the conference room OU as well (or duplicate the GPPs, but if you need the same drive mappings, then that's not really the best solution).
Loopback processing of Group Policy
http://support.microsoft.com/kb/231287
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately.
This Article and the Links apply to…
On some Windows 7 (SP1) computers, Windows Update becomes super slow even the computer is reasonably fast. There's one solution that seemed to have worked well for me (after trying a few other suggested solutions).
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
- Windows 10
- Microsoft Legacy OS
- Windows 8
- Windows OS
- Windows 7
- Windows Vista, Windows XP, Windows 2000, *Windows Explorer, *Internet Explorer (IE)
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month2 days, 18 hours left to enroll
Earn Certification
MCSA Configuring Windows 7 Exam 70-680
$49.00$44.10
621 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.